Forgot your password?
typodupeerror
Privacy

Assange: Google Is Not What It Seems 174

Posted by timothy
from the mixed-motivations dept.
oxide7 (1013325) writes "In June 2011, Julian Assange received an unusual visitor: the chairman of Google, Eric Schmidt. They outlined radically opposing perspectives: for Assange, the liberating power of the Internet is based on its freedom and statelessness. For Schmidt, emancipation is at one with U.S. foreign policy objectives and is driven by connecting non-Western countries to Western companies and markets. These differences embodied a tug-of-war over the Internet's future that has only gathered force subsequently. Assange describes his encounter with Schmidt and how he came to conclude that it was far from an innocent exchange of views."
Cellphones

'Microsoft Lumia' Will Replace the Nokia Brand 150

Posted by timothy
from the not-many-years-from-dominance dept.
jones_supa writes The last emblems of Nokia are being removed from Microsoft products. "Microsoft Lumia" is the new brand name that takes their place. The name change follows a slow transition from Nokia.com over to Microsoft's new mobile site, and Nokia France will be the first of many countries that adopt "Microsoft Lumia" for its Facebook, Twitter, and other social media accounts. Microsoft has confirmed to The Verge that other countries will follow the rebranding steps in the coming weeks. Nokia itself continues as a reborn company focusing on mapping and network infrastructure services.

Comment: Apple Don't Design for Yestserday, but for Fanboys (Score 4, Insightful) 369

by peppepz (#48180437) Attached to: Apple Doesn't Design For Yesterday
This has to be the biggest piece of Apple adulation that I've ever seen. A practice of flattery over everything Apple do is always superabundant in most of the output of the American tech press: we're used, for instance, to the reviewers' pirouettes when they first dismiss some bad choice by Apple as irrelevant, and then they have to praise the reversal of that choice as the best thing after sliced bread in some later version of an Apple product.

But in this case, well, Apple does something wrong (not even remotely comparable to the trainwreck that Microsoft did with Metro, I'll concede) that devalues the largest part of its already expensive product line, with the exception of the most expensive products, and without adding any value to those either, but Apple fan are happy nonetheless because... it's good to be shown how Apple does not care about who doesn't spend the most?

What is this, an exercise of asceticism in the path of the true Apple worship?

Android

Google Releases Android 5.0 Lollipop SDK and Nexus Preview Images 77

Posted by Soulskill
from the progressively-sillier-names dept.
An anonymous reader writes: As promised, Google today released the full Android 5.0 Lollipop SDK, along with updated developer images for Nexus 5, Nexus 7 (2013), ADT-1, and the Android emulator. The latest version of Android isn't available just yet, but the company is giving developers a head start (about two weeks), so they can test their apps on the new platform. To get the latest Android 5.0 SDK, fire up Android SDK Manager and head to the Tools section, followed by latest SDK Tools, SDK Platform-tools, and SDK Build-tools. Select everything under the Android 5.0 section, hit "Install packages...", accept the licensing agreement, and finally click Install. Google also rolled out updated resources for their Material Design guidelines.
Debian

Debian Talks About Systemd Once Again 519

Posted by Soulskill
from the strong-opinions-all-around dept.
An anonymous reader writes: A couple of months ago the technical committee for Debian decided in favor of systemd. This is now a subject for discussion once again, and Ian Jackson says he wants a general resolution, so every developer within the Debian project can decide. After a short time, the required amount of supporters was reached, and the discussion can start once again.

Comment: Re:Open Source? (Score 1) 344

by peppepz (#48125359) Attached to: ChromeOS Will No Longer Support Ext2/3/4 On External Drives/SD Cards

From reading the linked discussion (before people started having shitfits), a dev suggested removing extFS support as "an unnecessary feature"

A dev announced that extFS support had been removed in beta. To people protesting, they replied that the feature was going away full stop. They even modified the ChromeOS feature page stating that ChromeOS had ext support.

because of theoretical security issues

Because of FUD. Stating that supporting the ext file system poses a security issue is FUD: it is FUD by definition, and it is FUD in particular because ext is massively used in security-critical contexts including Google's servers and Google's Android operating system. Why, ext4's key developer is a Google employee IIRC!

and because it interfered with implementing file system renaming (which looks to be surprisingly tricky to do right).

Because they didn't want to implement the few lines of code supposed to invoke the already existing facilities that set the file system label. A thing that, for tricky that it may be, was done right by the Commodore 64's 1541 floppy drive OS, by MS-DOS, by all versions of Windows, by all Linux-based desktops, by AmigaDOS, by OSX, and probably most existing operating system.

In no time at all, objections were posted, some of them rather aggressive in tone.

One of the last comments before disallowing further comments was that they were looking into keeping extFS support, but throwing an error message if you try to rename an extFS volume, and possibly implementing extFS support in userspace for security reasons.

After the slashdot story was published, after my comment was written, when more and more people started stating, most of them politely, that removing ext support would make ChromeOS unsuitable for their work, and that they were upset because there was no credible explanation for the removal of the feature, only after that developers stopped ignoring their discontent and decided to leave ext support in for the time being, but still without writing the code required to alter the filesystem label.

All of this seems quite reasonable when considering what ChromeOS is and its usual usecase.

And when did I say otherwise? I even said the same thing in another comment.

Comment: Re:Open Source? (Score 2) 344

by peppepz (#48123753) Attached to: ChromeOS Will No Longer Support Ext2/3/4 On External Drives/SD Cards
Open Source != GPLv3. People can write all the code that they like but unless Google want to, their chances of actually seeing that code running on Chromebooks is zero. In this case, Google have already decided that the feature (which is already there) has to go, because simplicity.

Comment: Google's laptop, Google's rules (Score 2) 344

by peppepz (#48123665) Attached to: ChromeOS Will No Longer Support Ext2/3/4 On External Drives/SD Cards
Buy a real laptop if you want to do whatever you want with it. If you buy (?) a locked-down device, which is controlled by a remote commercial entity and not by you, then don't act surprised when they don't support some use case of yours which doesn't help them make money.
Operating Systems

Systemd Adding Its Own Console To Linux Systems 774

Posted by Soulskill
from the if-you-want-something-done-right dept.
An anonymous reader writes: The next version of systemd is poised to introduce an experimental "systemd-consoled" that serves as a user-space console daemon. The consoled furthers the Linux developers' goal of eventually deprecating the VT subsystem found within the Linux kernel in favor of a user-space driven terminal that supports better localization, increased security, and greater robustness of the kernel's seldom touched and hairy CONFIG_VT'ed code.

Comment: Re: Only the beginning (Score 1) 236

by peppepz (#48001849) Attached to: First Shellshock Botnet Attacking Akamai, US DoD Networks

In terms of the ratio of Linux distributions which use Bash as the default shell versus those that do not, the vast majority still use Bash.

Even if this is true, and no I haven't checked it, it has no relevance over the reality of how many people are effectively using Bash together with the Linux kernel, which is a matter of which distributions people effectively use. I do aknowledge that RedHat-derived distributions are probably more common on servers, but I'm just guessing that out of prejudice.

Debian-based distributions use dash as the default system shell, but Bash remains the default interactive shell,

If you really had a server of any kind which spawned a *real user login shell* as a result of a remote client request of any kind, then you would already have a huge security problem. Moreover, I expect lots of people will use Bash as their persoanl shell even on BSDs as it's so much better than Tcsh.

and many scripts specify #!/bin/bash in their shebang line.

Then they are as broken on FreeBSD (or any other OS) as well as they are on Linux distributions that haven't Bash as the system shell.

That last bit is important, because we're living in times where an increasing number of developers are releasing code for network daemons which are designed to be easily run under unprivileged user accounts by those same users. Regardless of how secure the daemons themselves may be, the simple fact that they're executed with Bash as their parent process means they're vectors for system compromise from bugs like Shellshock.

How so? The bug is triggered when you start a buggy Bash shell having a malicious environment variable set up by the parent. Having Bash itself as a parent isn't a problem, because the bug is triggered when the environment is parsed at Bash's startup time (the shell might even crash afterwards).

The karma bonus posting option is enabled by default for a reason. When people who have an established track record of saying meaningful things (as determined by the up-modded metric) post comments, those comments are automatically ranked higher. Likewise, the moderation system provides for down-modding of any given comment, which has the side effect of karma reduction for the "offending" poster. The fact that you don't like what someone has to say is really of little consequence unless you have mod points; this is by design.

The karma bonus is there as a measure to let *you* moderate your own comments. If you consider 2,000 characters of condescendension as something that is worth promoting, good for you, but don't expect other readers to share your conviction.

Comment: Re: Only the beginning (Score 2) 236

by peppepz (#48001215) Attached to: First Shellshock Botnet Attacking Akamai, US DoD Networks
Now you just have to find some server package which allows an unnprivileged remote client to trigger the execution of a Zimbra init script.

The funny thing is that, should you find it, such package would be vulnerable on FreeBSD in the exactly same way as it were on Linux, nullifying the argument that you are trying to make, about the Bash bug being a "Linux bug" that FreeBSD users shouldn't worry about.

Comment: Re: Only the beginning (Score 1) 236

by peppepz (#48001187) Attached to: First Shellshock Botnet Attacking Akamai, US DoD Networks

I have never seen this even by the BSD folks. I think you are delusional.

Look at the comments of every slashdot story about some BSD, when the topic of market share comes out.

I won't post links to individual comments here, because I would find it both rude and pedantic.

For most users OSX will have no exposure even though it has the vulnerable Bash.

It depends on wether /bin/sh points to bash on OSX.

It does not use dhclient nor does it use a shell for processing DHCP, instead it uses the ipconfig agent.

Not to mention the fact that if people are connecting their machines to rogue DHCP servers, they're compromised anyway.

Sharing is disabled by default and this includes SSH. Only folks that explicitly run remote services or use the Server product will be exposed.

It's not that the typical Linux distribution opens telnet to the world by default, either.

Comment: Re: Only the beginning (Score 1) 236

by peppepz (#48000837) Attached to: First Shellshock Botnet Attacking Akamai, US DoD Networks

Please tell us all how many Linux-based systems you operate that run only a bare kernel.

In the meantime I've told you how many Linux-based systems don't use bash as their default shell. The reality being opposite to your arbitrary statement that "the vast majority" of them do.

and the Karma Bonus

Who cares about that?

You should. Its purpose is to override other people's posts when you have something important to say.

Wrong. It's not personal, really.

[...]

You can always phone RMS up if want to have a nice "omg yes Linux is not GNU and GNU is not Linux" conversation.

Plonk.

That particular point has no value in this context, as the discussion here is on complete operating systems, not bare kernels.

Did he laugh about Debian/kFreeBSD? Did he laugh about OSX? Did he laugh about Cygwin or SUA? No, but he laughed about a minority subset of Linux distributions, and called them "Linux", having an uninformed reader believe that the bug is in Linux (it isn't) or that all Linux distributions are affected (many aren't). He was so aware of this fact, that he posted anonymously.

Which is not to say that this bug isn't serious, because it's huge. It's to say that this is not a "Linux bug", in any possible meaning of the phrase, strict or lax.

In a consumer society there are inevitably two kinds of slaves: the prisoners of addiction and the prisoners of envy.

Working...